This fake invoice email leads to malware on forummersedec.ru:Date: Fri, 22 Feb 2013 11:33:38 +0530
From: AlissonNistler@[victimdomain]
Subject: Re: FW: End of Aug. Stat.
Attachments: Invoices-1207-2012.htm
Hallo,
as reqeusted I give you inovices issued to you per dec. 2012 ( Internet Explorer/Mozilla Firefox file)
Regards
The attachment attempts to redirect the victim to a malicious payload at [donotclick]forummersedec.ru:8080/forum/links/column.php (report here) hosted on
84.23.66.74 (EUserv Internet, Germany)
122.160.168.219 (Trackon Couriers, India)
The following IPs and domains are related and should be blocked:
84.23.66.74
122.160.168.219
eiiiioovvv.ru
ejjiipprr.ru
emmmhhh.ru
errriiiijjjj.ru
famagatra.ru
familanar.ru
faneroomk.ru
filialkas.ru
finalions.ru
forummersedec.ru
fuigadosi.ru
fulinaohps.ru
fzukungda.ru
No comments:
Post a Comment